Exploitation Summary
CVE-2016-6415 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 19, 2023.
EIP tracks 4 public exploits from researchers including nixawk and 3ndG4me, among them the Metasploit module auxiliary/scanner/ike/cisco_ike_benigncertain.
AI-analyzed exploit summary
This exploit targets CVE-2016-6415, a vulnerability in the Netgear WNDAP360 firmware. It sends a crafted payload to trigger a buffer overflow, potentially leading to remote code execution.
Description
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.
Exploits (4)
This exploit targets CVE-2016-6415, a vulnerability in the Netgear WNDAP360 firmware. It sends a crafted payload to trigger a buffer overflow, potentially leading to remote code execution.
This repository contains a functional exploit for CVE-2016-6415, a memory leak vulnerability in Cisco IOS/IOS XE. The exploit sends a crafted IKEv1 packet to leak memory contents, which are then processed to extract ASCII strings and store them in a SQLite database for analysis.
This repository contains a Dockerized Python script that leverages the NSA BENIGNCERTAIN exploit to continuously poll a vulnerable Cisco PIX device, extract ASCII strings from memory, and store them in a SQLite database for analysis. The script automates the process of identifying potential passwords and sensitive information over time.
This Metasploit module exploits CVE-2016-6415, an IKEv1 information disclosure vulnerability in Cisco IOS, IOS XE, and IOS XR. It sends a crafted ISAKMP packet to leak memory contents from the target device.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N